Activity 1

SEMESTER: V (2017-18) DATE OF DECLARATION:17/7/17

SUBJECT: CN DATE OF SUBMISSION:20/7/17
NAME OF THE STUDENT: Mitali Butala ROLL NO.: 12

Activity 1: Command line tool

Objective: Student will understand different commands of command line tool.

Outcome: Student will execute commands of command line tool.

Command Ipconfig
IPConfig allows a Network Manager to view system TCP/IP settings
and
reconfigure if necessary. It can be used to troubleshoot network
problems.

1 Open command prompt

2 Select Command Prompt (see below). At the command prompt, type
ipconfig.
3 Attach output.
4 Note your computer's IP address, default gateway and subnet mask.

IP address : 192.168.1.103
Default Gateway: 192.168.1.1
Subnet Mask: 255.255.255.0

5 Now try ipconfig /all.

6 Attach output here
7 What do you see now that you did not see earlier?

 In ipconfig describes only the ip address, subnet mask, default

 gateway of the system while ipconfig /all describes physical
addresss, DHCP Enabled, Ipv6 address, netbios over Tcpip and
many more.

Command Tracert
The Tracert diagnostic utility determines the route taken to a
destination by sending
Internet Control Message Protocol (ICMP) echo packets with varying IP
Time-to-
Live (TTL) values to the destination. Each router along the path is
required to
decrement the TTL on a packet by at least 1 before forwarding it.
When the TTL on
a packet reaches 0, the router should send an "ICMP Time Exceeded"
message back
to the source computer.Tracert determines the route by sending the
first echo packet
with a TTL of 1 and incrementing the TTL by 1 on each subsequent
transmission
until the target responds or the maximum TTL is reached. The route is
determined
by examining the "ICMP Time Exceeded" messages sent back by
intermediate
routers. Some routers silently drop packets with expired TTLs and are
invisible to
the Tracert utility. The tracert command prints out an ordered list of
the near-side
interface of the routers in the path that returned the "ICMP Time
Exceeded"
message. If the -d option is used, the Tracert utility does not perform
a DNS lookup
on each IP address.
1 Open command prompt.
2 Type in tracert www.yahoo.com (Take website of your
choice instead of www.yahoo.com)
3 Attach output.

4 Note what hops your computer takes to get to

www.amazon.com

 It takes 30 hops

5 Then try the same process with other sites.( Take 2 sample
sites)
6 Attach output.
 7 Did you notice that the first few hops are the same? Write down
what hops are taken to reach each destination, and what hops
are the same. Why you think some of the intermediate steps are
the same for different destinations?

 First few hops are same. I think some of intermediate steps are
same for different destination because If any of the hops come
back with * Request timed out, this denotes network
congestion and a reason for slow loading Web pages and
dropped connections.

The reason for that result on a trace is that, some ISP, does load
balance in his Autonomus System, thats it: same destination across
diferent ways. We can basically use Ping and Traceroute to self-
diagnose problems with your Internet connection. When you
view the results this shows you where the problem lies &$151;
with your own computer, on the network, or to see if it is the
server you are trying to reach that is experiencing issues.
Traceroute tells you the exact route you take to reach the
server from your computer (ISP) and how long each hop takes.

Command ns Lookup
nslookup is a network administration command-line tool
available for many
computer operating systems for querying the Domain Name
System (DNS) to
obtain domain name or IP address mapping or for any other
specific DNS record

1 In the command prompt Type nslookup www.yahoo.com (Take

website of your choice instead of www.yahoo.com)
 2 Note that this command gives you the actual name of the server,
as per the hosting company's naming conventions; its IP
address; and any aliases under which that server operates.

Command ARP
ARP command is used to view and then delete the ARP cache, and you use the
ping
command to generate ARP cache entries. Address Resolution
Protocol (ARP) is a
telecommunications protocol used for resolution of network layer
addresses into
link layer addresses, a critical function in multiple-access
networks. ARP was
defined by RFC 826 and is also the name of the program for
manipulating these
addresses in most operating systems.

1 In the command prompt, type arp -a. Remember, that

previously the computer discovered the MAC address of your
computer by using address resolution protocol (ARP). You have
now resolved the globally unique MAC address of your device.
2 Attach output.
3 A list of IP address/MACaddress pairs is displayed. The Type
field (third column) indicates whether the entry is static or
dynamic. Windows 7 generates static entries automatically, but
dynamic entries are generated by network communication. If
you don’t have any entries, the message ―No ARP Entries
Found‖ is displayed.
4 To delete the ARP cache, type arp –d and press Enter.
5 Attach output.

6 To verify that the entries have been deleted, type arp -a and
press Enter again.
7 Attach output.
8 Ask someone else in the lab for their IP address. They
can get that by typing ipconfig
9 Type ping IP address of another computer in your network and
press Enter.
10 Attach output.

11 Type arp -a to display your ARP cache again. You should

see the IP address you pinged along with its MAC address.
12 Attach output.

13 Type arp -d to clear the ARP cache again.

 14 Attach output.
15 Type ping your friend’s IP address and press Enter.
16 Attach output.

17 Type arp -a to display your ARP cache again. You’ll probably

see two new entries in your ARP cache.
18 Attach output.

Command Ping
Ping is a basic Internet program that lets you verify that a
particular Internet address
exists and can accept requests. The verb ping means the act of
using the ping utility
or command. Ping is used diagnostically to ensure that a host
computer you are
trying to reach is actually operating. If, for example, a user cannot ping a host,
then
the user will be unable to use the File Transfer Protocol (FTP) to
send files to that
host. Ping can also be used with a host that is operating to see
how long it takes to
get a response back. Using ping, you can learn the number form
of the IP address
from the symbolic domain name Loosely, ping means "to get the
attention of" or "to
check for the presence of" another party online. Ping operates
by sending a packet to
a designated address and waiting for a response.
1 Ask your friend to give his/her IP address.
2 Now try a simple ping to their machine using e.g. ping your
friend’s IP address,
3 Attach output.

4 Try the option ping -n 2 IP ADDRESS, then try ping -n 7 IP

ADDRESS. What differences do you notice?
5 Attach output.
  I noticed that if we use ping –n 2 sender system sends only
two packets to the receiver system and if we use ping –n 7
sender sends 7 packets to the receiver system to check
whether receiving system is available.

Command Net Sessions

Net Sessions is a tool for managing server computer
connections. Used without
parameters, net session displays information about all
sessions with the local
computer.

1 In the command prompt, Type in net sessions to if any active

sessions are connected to your computer.
2 It will more than likely state There are no sessions in the list."
3 Attach output.

Command Openfiles
 Openfiles queries or displays open files. It also queries,
displays, or disconnects files opened by network users.
In the command prompt, type in openfiles to if any shared files
which are currently open. Useful again for finding live attacks.
It will more than likely state INFO: No share
open files found." Attach output.

Command netstat
Netstat allows you to display statistics about your Ethernet
interface. If any errors are indicated in the display, you might
have problems with your network connection that are slowing
the network down. If the error packets approach 1% of the total
number of packets, something is probably wrong with your NIC
or physical interface.

1 In the command prompt, type in netstat to list all current

network connections, not just inbound but outbound as well.

Attach output.

2 You should see a list of connections listed. Useful again for finding live
attacks.
3 Type in netstat -? to see options with this command. You should see
-a, -e and others.
4 Attach output.

5 Type in netstat -e. These statistics include the number of bytes and
packets received and sent through the Ethernet interface.
6 Attach output.

7 To see statistics for all protocols, type netstat -s and press Enter.
8 Attach output.
10 To limit the display to just IP statistics, type netstat -ps IP and press
Enter.
11 Attach output.
12 To see your active network statistics updated every 5 seconds, type
netstat -e -t 5 and press Enter. Press Ctrl+C to stop the program.
13 Attach output.
14 Type netstat -o. This shows active TCP connections, but it also displays
the corresponding process identifier [-o] for each connection so you
can determine which program on your computer initiated each one.
15 Attach output.
16 Pay attention to the PID column. In somes cases, the PIDs are all the
same, meaning that the same program on your computer opened
these connections. However, to determine what program is
represented by the PID of say 2948 on your computer, all you have to
do is open Task Manager, click on the Processes tab, and note the
Image Name listed next to the PID your are looking for in the PID
column. Go ahead and try this.... Also, please be aware that using the
netstat command with the - o option can be very helpful when tracking
down which program is using too big a share of your bandwidth. It
can also help locate the destination where some kind of malware, or
even an otherwise legitimate piece of software, might be sending
information without your permission.
17 Note: While this and the previous example were both run on the same
computer, and within just a minute of each other, you can see that the
list of active TCP connections is considerably different. This is
because your computer is constantly connecting to, and
disconnecting from, various other devices on your network and over
the Internet.
18 To display ICMP information, type netstat -ps ICMP and press Enter. A
variety of ICMP message types are displayed along with how many
of each type of message were received and sent. Most, if not all, will
be Echo and Echo Reply messages.
19 Attach output.
 Ask your friend for his/her IP address. Then use that e.g. Type ping IP
address of your friend and press Enter. This command should
generate ICMP Destination Unreachable messages.
20 Attach output

21 To see whether the number of Destination Unreachable messages has

increased, type netstat -ps ICMP and press Enter. The ICMP TTL-
Expired messages used in Tracert are called Time Exceeded
messages in Netstat.
22 Attach output
23 Type tracert www.yahoo .com (Take website of your choice
instead of www.yahoo.com)
24 Attach output
25 To see whether the number of Time Exceeded messages has
increased, type netstat - ps ICMP and press Enter.
26 Attach output
27 To display your computer’s routing table, type netstat -r and press
Enter. Every computer has a routing table it uses to decide which
interface to send packets to. The first entry lists the network
destination as 0.0.0.0, which is the entry for your default gateway.
28 Attach output
 Finally, type netstat -s -p tcp -f. Here we wish to see protocol specific
statistics [-s] but not all of them, just TCP stats [-p tcp]. We also want
the foreign addresses displayed in FQDN format [-f]. Please scroll up
in the command windows to see TCP stats displayed before the list of
active connections was created.
Attach output

Activity 2 : Viewing Your Computer’s routing table

Objective: Student will understand the concept of routing table of a computer.

Outcome: Student will view routing table of a computer.

1 Even though your computer is not a router, it maintains an internet

routing table with entries for the network interface network, the
loopback network, and details of other internal networks.
2 Open a command prompt.
3 To view your routing table, type route print | more and press Enter.
The | more after the route print command causes output to be
displayed one screen at a time
4 Attach output.
5 Next, examine the output of the route print command. Your
computer's network interfaces are listed at the top, and the IPv4
Route Table lists entries in the routing table, which has five columns:
 Network Destination — The network destination your
computer compares with the destination IP address of
outgoing packets to determine where to send them.
  Netmask — The subnet mask of the network
destination. A value of 255.255.255.255 indicates that
the address in the Network Destination column is a
specific IP address rather than a network address; it's
referred to as a "host route." A value of 0.0.0.0 is used
when the network destination is 0.0.0.0, indicating the
default route or gateway.
 Gateway — The next hop address or the on-link, which
means the network is connected directly to an
interface. Make a note of the value in this the 0.0.0.0
network destination, as you need it later.
 Interface — The address of the interface Windows
uses to send the packet to the network destination.
 Metric - The metric assigned to the route. If there are
two entries for the network destination, the lower
metric is the route chosen.

6 Press the spacebar one or more times to display the rest of the
output. You'll see row of output labeled Persistent Routes. If you
create a route manually and it is to stay in the table between reboots,
it is listed here. You will also see your default route listed under
Persistent Routes in the IPv4 section of the output
7 Attach output.
8 To verify that you can communicate with the Internet, type ping
www.gmail.com (Take website of your choice instead of
www.yahoo.com)press Enter. If the ping is successful, your default
network is working correctly.